The business and culture of our digital lives, from the L.A. Times

Bin Laden death is magnet for scammers on Facebook, Google

May 2, 2011 | 4:25
pm

The death of Osama bin Laden has been an unusual magnet for online scammers and spammers, with malicious links profferring pictures of a deceased Bin Laden popping up to fool Facebook and Google users.

"The reported death of Osama Bin Laden is just too good a lure for cybercriminals and scammers to pass up," McAfee Inc. security researcher David Marcus said in a blog post.

No official photos or videos of Bin Laden's body have been released. So if you’re in search of pictures or video: Be careful.

On Google, searches related to Bin Laden direct users to Web pages where they are offered malicious software, said Chester Wisniewski, a security advisor from Sophos. The bad links falsely alert users that their computer may be infected and that they should download virus-scanning software, which is often a virus itself.

One Facebook posting appearing to be from the BBC trumpeted a link titled "Osama bin Laden Killed (LIVE VIDEO)." When clicked, the link takes the user to an outside page modeled to look like Facebook, where it asks the user to enter a verification code. When the user submits the code, the link is then posted to the user's Facebook account.

"The bad guys were quite fast," wrote Fabio Assolini, a researcher at Kaspersky Labs, another cybersecurity firm. They "started to poison searches results in Google Images" right away.

The means anyone searching for pictures of the dead Bin Laden would be offered images linked to nasty sites, which could again solicit users for credit card numbers or try to get them to download infected software.

Scammers frequently prey on Web surfers in the wake of big news events, but the cyber-underworld seemed to be operating extra quickly this time around.

When a massive earthquake and tsunami hit Japan, scammers were at work setting up websites, emails, pop-up ads and other ways to steal money intended for victims of the disaster, McAfee said.

Bottom line: Look closely before you click on anything that looks odd at all. One test is to hover your cursor over the link without clicking. The browser generally will show you the address of the linked site -- if you've never heard of it or if it has a name different from what the link text advertises, don't click.